Comptia help2pass passed Exam Today Cas-004 by Dolly q50 vce pdf

Page: 25 / 38

Exam Name:	CompTIA Advanced Security Practitioner (CASP+) Exam
Exam Code:	CAS-004 Dumps
Vendor:	CompTIA	Certification:	CompTIA CASP
Questions:	521 Q&A's	Shared By:	dolly

Question 100

A small company recently developed prototype technology for a military program. The company’s security engineer is concerned about potential theft of the newly developed, proprietary information.

Which of the following should the security engineer do to BEST manage the threats proactively?

Options:

Join an information-sharing community that is relevant to the company.

Leverage the MITRE ATT&CK framework to map the TTR.

Use OSINT techniques to evaluate and analyze the threats.

Update security awareness training to address new threats, such as best practices for data security.

Discussion

Question 101

A security engineer was auditing an organization’s current software development practice and discovered that multiple open-source libraries were Integrated into the organization’s software. The organization currently performs SAST and DAST on the software it develops.

Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?

Options:

Perform additional SAST/DAST on the open-source libraries.

Implement the SDLC security guidelines.

Track the library versions and monitor the CVE website for related vulnerabilities.

Perform unit testing of the open-source libraries.

Discussion

Question 102

A developer is creating a new mobile application for a company. The application uses REST API and TLS 1.2 to communicate securely with the external back-end server. Due to this configuration, the company is concerned about HTTPS interception attacks.

Which of the following would be the BEST solution against this type of attack?

Options:

Wildcard certificates

HSTS

Certificate pinning

Discussion

Question 103

Device event logs sources from MDM software as follows:

Questions 103

Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?

Options:

Malicious installation of an application; change the MDM configuration to remove application ID 1220.

Resource leak; recover the device for analysis and clean up the local storage.

Impossible travel; disable the device’s account and access while investigating.

Falsified status reporting; remotely wipe the device.

Discussion

Elise

I've heard that Cramkey is one of the best websites for exam dumps. They have a high passing rate and the questions are always up-to-date. Is it true?

Cian Sep 26, 2024

Definitely. The dumps are constantly updated to reflect the latest changes in the certification exams. And I also appreciate how they provide explanations for the answers, so I could understand the reasoning behind each question.

Walter

Yayyy!!! I passed my exam with the help of Cramkey Dumps. Highly appreciated!!!!

Angus Nov 4, 2024

YES….. I saw the same questions in the exam.

Robin

Cramkey is highly recommended.

Jonah Oct 16, 2024

Definitely. If you're looking for a reliable and effective study resource, look no further than Cramkey Dumps. They're simply wonderful!

Carson

Yeah, definitely. I would definitely recommend Cramkey Dumps to anyone who is preparing for an exam.

Rufus Aug 20, 2024

Me too. They're a lifesaver!